Folks,
SPI Labs has discovered a technique to scan a network, fingerprint all
the web-enabled devices it finds, and send attacks or commands to those
devices. This technique can scan networks protected behind firewalls
such as corporate networks. All the code to do this is written in
JavaScript and uses parts of the standard that are almost 10 years old.
Accordingly, the code can execute in nearly any web browser on nearly
any platform when a user simply opens a webpage that contains the
JavaScript. Since this is not exploiting any browser bug or
vulnerability, there is no patch or defense for the end user other than
turning off JavaScript support in the browser. The code can be part of a
Cross Site Scripting (XSS) attack payload, increasing the damage XSS can
do.
SPI has published a whitepaper about this technique and has also released
proof of concept code that will portscan a given range of IPs and
fingerprint Microsoft IIS and Apache boxes.
Whitepaper:
http://www.spidynamics.com/spilabs/education/articles/JS-portscan.html
Proof of Concept: http://www.spidynamics.com/spilabs/js-port-scan/
Have fun,
Billy Hoffman
--
Lead R&D Engineer
SPI Dynamics - http://www.spidynamics.com
Phone: 678-781-4800
Direct: 678-781-4845